I recently made a purchase that improved the reliability of my home network—a Cisco Linksys EA3500 dual-band wireless router. The device itself has worked just as I hoped.

But shortly after my purchase, Cisco pushed a firmware update to this router that limited owners' ability to administer the devices ourselves. The update led me (and many others) to install an older version of the firmware in order to regain all the control we had in the first place. More on just how to do that in a bit. First let's explain what Cisco did, and why many people are upset.

When the firmware update (which also applied to the EA4500 and EA2700 router models) rolled out, attempting to connect to the browser's internal administrative Web interface brings the user instead to a signup page for the “Cisco Connect Cloud," as seen here:

The service basically replicates all the features router administrators already have, but moves them from your home network to Cisco’s cloud. The supposed benefit is that you can manage your router even when you’re not at home. I can’t imagine many circumstances in which I would need to do that; connecting my router’s administration features to a Web account also seems like a needless security risk (albeit a small one).

In exchange for the convenience of Connect Cloud, you have to agree to some pretty onerous terms. In short, Cisco would really hate it if you use the Web to view porn or download copyrighted files without paying for them.

You agree not to use or permit the use of the Service: (i) to invade another's privacy; (ii) for obscene, pornographic, or offensive purposes; (iii) to infringe another's rights, including but not limited to any intellectual property rights; (iv) to upload, email or otherwise transmit or make available any unsolicited or unauthorized advertising, promotional materials, spam, junk mail or any other form of solicitation; (v) to transmit or otherwise make available any code or virus, or perform any activity, that could harm or interfere with any device, software, network or service (including this Service); or (vi) to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability.

While we are not responsible for any content or data that you choose to access or otherwise use in connection with the Service, we reserve the right to take such action as we (i) deem necessary or (ii) are otherwise required to take by a third party or court of competent jurisdiction, in each case in relation to your access or use or misuse of such content or data. Such action may include, without limitation, discontinuing your use of the Service immediately without prior notice to you, and without refund or compensation to you.

These terms of service have sparked a bit of an uproar among Cisco customers—you can get a sampling of the outrage among fellow Ars readers in the forums. A lot of that outrage is focused on privacy concerns. ExtremeTech found that Cisco has deleted a portion of a privacy statement that said Cisco would keep track of Connect Cloud customers’ “network traffic” and “Internet history."

I e-mailed Cisco public relations reps to ask how Cisco would know if anyone is using its cloud service for pornographic purposes or to infringe intellectual property rights, and also whether Connect Cloud keeps a record of everything its users do on the Internet, but haven't gotten a response yet. Cisco did previously weigh in with a blog post saying “Cisco Connect Cloud does not actively track, collect or store personal info or usage data for any other purposes, nor is it transmitted to third parties.”

Perhaps “actively” means Cisco only does the tracking sometimes. If no tracking occurs at all, why do the terms of service give Cisco the right to penalize customers for porn- and copyright-related offenses?

Some have claimed Cisco will “transform your router into a useless brick” if your porn habits violate the cloud service’s conditions. I don’t read the terms that way. Instead, the terms indicate to me that Cisco would discontinue a user’s right to use the cloud service, while still allowing you to use the router you bought and paid for.

Rolling back your firmware, ditching Connect Cloud

I followed the instructions last night and was able to regain access to the traditional Web interface for managing my router.

The first step is downloading the earlier version of the firmware. Next, you disconnect the Ethernet cable from the router’s Internet port. That’s because if your computer is online, navigating to 192.168.1.1 takes you to the Connect Cloud signup page. Severing the Internet connection brings you to a different page that provides administration access with your router’s password.

At this point, you can use the previously downloaded file to roll the router’s firmware back to the prior version. The router reboots, and once you plug the Ethernet cable back in you’re online, and going to 192.168.1.1 gives you the traditional Web interface—no cloud service account required.

The final step is to uncheck the automatic upgrade option. Now your router won’t automatically receive firmware updates. You could try the third-party firmware DD-WRT, but it seems to be supported on the Linksys EA2700 but not the other two models affected by the recent update.

Not receiving firmware updates isn’t ideal, of course. There is one way around this without signing up for the cloud service, though. Even with the latest firmware, you can manage your router without a Connect Cloud account by using the software that comes with a Cisco router. However, this software only includes the most basic options—for anything advanced, it redirects you to 192.168.1.1, which in turn redirects you to the Cisco Connect Cloud if you haven’t rolled back your firmware.

There’s also a phone app called Cisco Connect Express that works on your home network without a cloud account. That app is still available for now, but Cisco is pushing a new phone app that requires the cloud account.

That Cisco blog post we mentioned said the company is developing an updated version of the opt-out process for automatic updates to make it clearer that customers have more options than simply creating a Connect Cloud account.

Cisco is promising that Connect Cloud will offer many new conveniences, like adding devices to your home network with a tap of a button. I’ve never had any trouble adding devices to my home network in the first place, though, so for now I’m sticking with the older firmware.

Promoted Comments

Okay, so Cisco goes on the list with Apple and Sony, of tech companies I won't deal with.

Clearly some people read the "agreement" a little more generously than the writer. I certainly don't, and I don't see how a router manufacturer sees this area as its responsibility. It sells hardware, and after that is not involved.

If it does provide a software platform to make its hardware "easier to use" (extremely debatable in this context), then it needs to make sure that platform is properly designed in order to cover Cisco. That doesn't mean telling its users what their traffic is allowed to be, even if it does want to be an ISP of sorts here.

It also doesn't mean writing your "agreement" in such a way that you imply the possibility of spying on your users.

Cisco has proven the statement I made when Sony won the OtherOS lawsuit:

"The lesson everyone should take from this is: you don't own something which requires a network connection and can be updated via the network."

In my opinion, this pretty much sums it up. The TOS don't scare me too much, here. What is more annoying is that the cloud is considered the new standard configuration utility. I personally consider a cloud utility in this case a liability, not an asset. If the router had an optional cloud interface, that would be great. I would consider that a very interesting capability that I would just choose not to use, since I want my LAN to be independent of the cloud. But, this situation would seem to indicate that, going forward, this is the new norm for this router.

I realize, as a purchaser of the router, I'm not entitled to updates to the firmware. But, much like my PS3, I've just been given one too many reasons not to consider purchasing this equipment again. Will their next router just come with this as the baseline firmware? I know I would not buy such a router. Similarly, I also will not be buying a PS4.

150 Reader Comments

Lesson learned!!!!Never configure any auto update for the sake of convenience. I don't have any of the routers in question, but at the very least I want to control when updates are applied to the tech gadgets I use. I don't wan tot be hit with change in the midst of something important I'm doing. I want to know I have some time to fix any problem that might come up with updates.

I don't understand how people can migrate in masses and bet their business on cloud tools/services where they loose any control over what feature might go away tomorrow.

Remote management is nothing new, your current router almost certainly allows it already. You don't need any cloud to do that. Which again brings me to the question, what good is this service anyway? Ever purportedly, what's the advantage? Anyone know?

No idea, but I wouldn't be surprised in the slightest if Cisco rolled out an "app store" available from this Cloud Connect portal...

So to be clear: You don't have to use the service and the whole TOS only applies to the service (which if you lost count, you don't have to use).

So what exactly is the whole uproar about? "How dare cisco add some optional service with TOS I don't agree with?!"

The problem is that your router is unconfigurable if you don't use the service. Sure it still would work but you wouldn't be able to change any settings.

Not exactly unconfigurable, but it gets limited yes. I based my information on a reddit post (since the article didn't really mention that..) that was later amended to say that some options are turned off if you're not using the cloud service.

Which changes the whole situation obviously - adding an optional service is fine, but as soon as it is necessary to configure the router it's no longer optional and then they should refrain from dubious TOSes.

The only thing I can think of is they don't want you naming your wireless network something obscene. My neighbor had an obscene (to me) wireless network name for a while, until I pointed out that the entire neighborhood knew which wireless network was his and that some of the parents were upset.

I am not defending Cisco here, I'm just looking for an answer to their very strange anti-pornography clause and this is all I've got.

They tried going after the ISP's. They tried going after individual websites. Now they're going after your own bloody hardware./tinfoil hat

Mind you, I've always steered clear of Cisco on principle. Anyone who's read some of the corporate espionage they've been up to and how they've gone after former employees, couldn't in good conscious support them financially. If you require a citation i'll have to assume you've never heard of a little startup called Google.

Typically when making claims you provide your own sources. Not tell others to go "find" them.

How much work and expense are you willing to put in? If the answer is a lot, then I'd recommend building a small x86 box and running pfSense. Then add a wireless card, or get any router you please and just use it as a switch/wireless access point.

Otherwise, pick something that has decent DD-WRT support, which probably means something at least a year or two old, if it's still available. This is what I used to do with my E4200, but got sick of playing the "Joe Blow's build #49152 works great but DDNS is broken. If you need DDNS but don't mind having broken <whatever> try Joe Schmoe's build #3456, but personally I find build #3453 works better for me, but there's a small chance it will brick your router when you install it" game.

pfSense was a breath of fresh air after that, but like I said, expensive (if you don't already have some usable hardware laying around) and more complex to install.

Okay, so Cisco goes on the list with Apple and Sony, of tech companies I won't deal with.

Clearly some people read the "agreement" a little more generously than the writer. I certainly don't, and I don't see how a router manufacturer sees this area as its responsibility. It sells hardware, and after that is not involved.

If it does provide a software platform to make its hardware "easier to use" (extremely debatable in this context), then it needs to make sure that platform is properly designed in order to cover Cisco. That doesn't mean telling its users what their traffic is allowed to be, even if it does want to be an ISP of sorts here.

It also doesn't mean writing your "agreement" in such a way that you imply the possibility of spying on your users.

If it does provide a software platform to make its hardware "easier to use" (extremely debatable in this context), then it needs to make sure that platform is properly designed in order to cover Cisco. That doesn't mean telling its users what their traffic is allowed to be, even if it does want to be an ISP of sorts here.

You're saying cloud operators don't have the right to determine what stuff you upload to them? Well it probably depends, but *every* operator will at least secure themselves against illegal data. Doesn't mean that they will actually monitor anything, it's just a security if someone does and law enforcement knocks at their doors.

Glad someone finally started recognizing this issue. I too got this "update" forced down my throat by Cisco. For me its not about porn, or copyright-related infringement, because I don't do them. For me its some one else being able to change or limit or control my access to something I own, and what amounts to arm twisting to get me and everyone else into the "cloud".

Personally, I don't want my stuff in the "cloud" where a bunch of strangers from some company can access, use, or control it at will for reasons they devise or justify or create. I especially do not want any of my hardware access or control to be in the "cloud". Its just creepy and provides too many choices for abuse or violation if the company wants to do such, or some idiots somewhere like Anonymous decides they somehow have a "right" to penalize others because they have some beef against a company.

I don't think its some big 'Big Brother is watching' scheme, but if people want to use the "cloud" it should be their choice, and they should not have their access to the internet or their own hardware limited, curtailed, or voided of features usage, or have the "cloud" forced down their throats.

Cisco has proven the statement I made when Sony won the OtherOS lawsuit:

"The lesson everyone should take from this is: you don't own something which requires a network connection and can be updated via the network."

In my opinion, this pretty much sums it up. The TOS don't scare me too much, here. What is more annoying is that the cloud is considered the new standard configuration utility. I personally consider a cloud utility in this case a liability, not an asset. If the router had an optional cloud interface, that would be great. I would consider that a very interesting capability that I would just choose not to use, since I want my LAN to be independent of the cloud. But, this situation would seem to indicate that, going forward, this is the new norm for this router.

I realize, as a purchaser of the router, I'm not entitled to updates to the firmware. But, much like my PS3, I've just been given one too many reasons not to consider purchasing this equipment again. Will their next router just come with this as the baseline firmware? I know I would not buy such a router. Similarly, I also will not be buying a PS4.

So, apparently porn is "infringement" now? Has anyone told the genuises at Cisco that not everyone is a stupid Christian, Islamist or Jewdaist? Has anyone told the genuises at Cisco that Playboy Enterprises and Larry Flynt Publications are legal corporations? No, I don't get porn from such sites (it's where grandpas go to get their porn), but it's a good example of how porn is legal.

Cisco are idiots, I think the whole licence concerns are totally over the top since they probably cut & pasted it from some other service. (I doubt the companies read the licence better than the customers)

But those idiotic cloud services that do not bring you any benefits need to die.

One basic rules:

People should opt in because of better features, if the company has to force its customers into it because it wants more control something went wrong.

Pornography is protected speech under the 1st Amendment in the US, which makes it odd any lawyer would attempt to include it in the boilerplate EULA. [Note, legally, what you may consider porn may well be obscenity, if so, it can be restricted--but note that they specifically mention pornography, not obscene material.] Since they're trying to regulate protected speech, imagine if tried to restrict other forms, e.g. "Your router may not be used to espouse Jesus was Christ" or something of that nature.

First Amendment, really?

Post some porn here and see how fast you get shown the door. First Amendment does not apply to companies.

This is my beef with the public cloud. It's promoted as being your personal storage but the companies providing access are censoring your content. I can only imagine how many people will have their SkyDrive accounts deactivated once Windows 8 launches with its deep integration. People will think of SkyDrive as being no different than their local storage. Yet, some unfortunate individual is examining their files and flagging content even if it's private.

I've had my SkyDrive account deactivated twice because I violated terms of service. The first time was indeed a violation but I had the photo set as private and only shared a link with one person. So, why the hell were my photos monitored? Is it because I shared a link or does everything get reviewed even if it's supposedly private? The second time, I again set the photos as private and shared a link , but this time there was no violation. So, I challenged the deactivation and received an email saying that my account appeared to be active. I log back in and, magically, it had been reactivated.

Pornography is protected speech under the 1st Amendment in the US, which makes it odd any lawyer would attempt to include it in the boilerplate EULA. [Note, legally, what you may consider porn may well be obscenity, if so, it can be restricted--but note that they specifically mention pornography, not obscene material.] Since they're trying to regulate protected speech, imagine if tried to restrict other forms, e.g. "Your router may not be used to espouse Jesus was Christ" or something of that nature.

First Amendment, really?

Post some porn here and see how fast you get shown the door. First Amendment does not apply to companies.

First amendment does not apply to forums, or companies, because those are things which are able to execrise right of ownership and the first amendment does not interfer with, remove, replace, or control rights of ownership. Forums and companies may allow or tout first amendment rights but they also have the right to decide what goes on for something they own. Its the same for the "cloud", its owned by someone else and they are free to decide what goes on. Just because you can do it does not mean that others have to allow.

I've owned two Linksys WRT54GLs with Tomato on them and they were always rock solid and reliable. I've noticed in recent years that no new Cisco Linksys routers seemed to be as highly recommended. This seems to make any future decision for me - I would never buy any Cisco shit that had this service associated with it.

Sometimes the cloud is useful, but in this case it provides NO benefit at all. How does it make any sense to connect to a remote server to administer local hardware? As others have said, what happens when you can't get online at all? The web interface works fine as well as allows for remote administration if you want it. It doesn't matter if you can avoid this update or if the TOS is just boilerplate stuff....the question you should be asking is what motivation does Cisco have to move users to this? The answer certainly can't be anything good or in your best interests.

So, apparently porn is "infringement" now? Has anyone told the genuises at Cisco that not everyone is a stupid Christian, Islamist or Jewdaist? Has anyone told the genuises at Cisco that Playboy Enterprises and Larry Flynt Publications are legal corporations? No, I don't get porn from such sites (it's where grandpas go to get their porn), but it's a good example of how porn is legal.

The EULA/TOS seems like pretty boilerplate stuff to me, as long as they're not dictating how people are allowed to use their own internet service. They say they're not *actively* monitoring traffic... could they pull the logs at any time they wish?

The main problem I see with this is that you're effectively given the choice of either never receiving firmware updates again, or using their cloud service. What if a bug rears its head down the road that can only be fixed with firmware?

I've been personally using a Netgear WNDR3700 for the last year and a half, and other than one issue with the wireless cutting out (which was fixed with a firmware update), it's been rock solid. I do use Linksys for some of my SOHO clients, so this could be problematic.

Remote management is nothing new, your current router almost certainly allows it already. You don't need any cloud to do that. Which again brings me to the question, what good is this service anyway? Ever purportedly, what's the advantage? Anyone know?

I've a couple routers I access remotely. Let me say first though that I use an incredibly strong password that I have to use a vaulting service to use.

Some of the reasons I do this are for remote shutting down or starting of services that are forwarded on certain ports. The other reason is that sometimes I'm quite far away from home or work sometimes. I filter MAC addresses so even if a password is known to allow a wireless connection from either location people still can't get access. I can remote into a router, identify the MAC that is trying to connect, and make an exception remotely, allowing that user to gain access to the network/internet.

Edit: I misread Spectator11's comment. I see no use for this new Cisco service also.

I miss my old smoothwall router. I got rid of it because it sucked too much juice. Now I am stuck with the same mass marketed junk as all the other home consumers. At least there are alternatives like ww-drt and tomato.